From caa5657d87c08f808feb78918adab0ade1c58903 Mon Sep 17 00:00:00 2001 From: Andrii Dema Date: Wed, 15 Jan 2025 15:01:15 +0200 Subject: [PATCH] K8SPG-554: add `.spec.tlsOnly` https://perconadev.atlassian.net/browse/K8SPG-554 --- charts/pg-db/README.md | 1 + charts/pg-db/templates/cluster.yaml | 2 ++ charts/pg-db/values.yaml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/charts/pg-db/README.md b/charts/pg-db/README.md index d7afabe01..6b6923b4f 100644 --- a/charts/pg-db/README.md +++ b/charts/pg-db/README.md @@ -48,6 +48,7 @@ The chart can be customized using the following configurable parameters: | `customRootCATLSSecret.items` | Key-value pairs of the `key` (a key from the `secrets.customRootCATLSSecret.name` secret) and the `path` (name on the file system) for the custom root certificate and key | `` | | `customTLSSecret.name` | A secret with TLS certificate generated for external communications | `""` | | `customReplicationTLSSecret.name` | A secret with TLS certificate generated for internal communications | `""` | +| `tlsOnly` | Set to true to force all HBA records to use the `hostssl` record type. | `false` | | `openshift` | Set to true if the cluster is being deployed on OpenShift, set to false otherwise, or unset it for autodetection | `false` | | `users.name` | The name of the PostgreSQL user | `""` | | `users.databases` | Databases accessible by a specific PostgreSQL user with rights to create objects in them (the option is ignored for postgres user; also, modifying it can’t be used to revoke the already given access) | `{}` | diff --git a/charts/pg-db/templates/cluster.yaml b/charts/pg-db/templates/cluster.yaml index 78b6a475d..ccf1e3149 100644 --- a/charts/pg-db/templates/cluster.yaml +++ b/charts/pg-db/templates/cluster.yaml @@ -41,6 +41,8 @@ spec: {{- end }} {{- end }} + tlsOnly: {{ .Values.tlsOnly }} + openshift: {{ default false .Values.openshift }} {{- if .Values.users }} 
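Review bot: `tlsOnly: {{ .Values.tlsOnly }}` in the cluster.yaml hunk is rendered with no fallback, while the values.yaml hunk of this same patch ships the key commented out, so on a default install the value is unset and the line most likely renders as a bare `tlsOnly:` (null) rather than the `false` the README row documents. The following line already shows the chart's pattern; I would write `tlsOnly: {{ default false .Values.tlsOnly }}` so the manifest always carries an explicit boolean. Because this flag decides whether the HBA records are restricted to `hostssl`, an explicit value also lets an auditor read from the rendered manifest whether non-TLS connections are still permitted. The `spec:` block starts and continues outside the hunk, so how the operator treats a null here cannot be confirmed from this page.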
diff --git a/charts/pg-db/values.yaml b/charts/pg-db/values.yaml index e507f8e85..49aededf5 100644 --- a/charts/pg-db/values.yaml +++ b/charts/pg-db/values.yaml @@ -34,6 +34,8 @@ customTLSSecret: customReplicationTLSSecret: name: "" +# tlsOnly: false + # openshift: true # users:
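Review bot: The new `# tlsOnly: false` entry in values.yaml carries no explanation, although it is a transport-security switch that operators should be able to understand without opening the README. I would put a comment above it, for example `# Set to true to force all pg_hba records to the hostssl type (TLS-only connections).` The wording follows the README row added in this patch. Whether enabling it cuts off existing non-TLS clients is not shown here and would be worth stating in the comment if it does.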